Privacy guidelines on internet and e-mail in the workplaceBackground
The use of audiovisual equipment and other similar equipment used by the employer to monitor the activities of employees is forbidden by Article 4 of the Statute of Worker’s Rights (Act 300/1970). The prevailing approach in case law is that hardware and software used for monitoring electronic communication systems and websites accessed by employees is included in the remote monitoring methods prohibited by Article 4 of the Act. If such equipment is required for organisational purposes, production purposes or for work safety but it also involves monitoring of employees, it will require the consent of company-level trade union representatives in order to be installed and made active.
If agreement cannot be obtained, the employer may apply to a public body for authorisation to install such equipment.New legislation
In 2007 the Data Protection Authority provided new guidelines relating to measures to be adopted by employers in order to prevent/avoid any illicit control of e-mails or websites accessed by employees.
The basic principles are that employers should make employees aware of the circumstances in which they will monitor e-mails and internet use: a company Code of Conduct for monitoring of e-mails and internet use is highly recommended by the Authority. Controls placed on e-mails which are necessary and legitimate shall always be, as a first option, carried out in a way that does not enable the employer to identify employees. Only once a serious offence has been identified and confirmed can more direct controls be carried out (subject always to the prohibition under Article 4 and 8 of the Act).
The guidelines recommend that employers take steps to eliminate risks connected with the misuse of email and internet facilities by employees, thereby reducing the need for monitoring. For example, the Authority suggests identifying websites which are potentially related to the performance of employees' work, in conjunction with the use of filters to prevent unauthorised access to other websites.
On the subject of e-mail policy, the Authority guidance states that on the instruction of the employer, employees must use automatic out-of-office messages when they are out of the office and that this should include the name of another employee as a contact, in order to avoid the need to check employees’ emails.
When an employee is unexpectedly out of the office the Authority suggests that the employer designate a particular employee who is authorised to check such e-mails received by the absent employee, so that he/she can directly forward relevant messages about urgent company tasks, without the need for further checks by the employer.Effect on employers
The legal consequences of failing to comply with the prohibition set out in Article 4 of the Act can result in criminal sanctions: including a fine between €154 and €1549 or imprisonment for between 15 days and 1 year.
In order to dismiss an employee and/or apply any disciplinary sanctions, the employer must adopt a disciplinary code and have it properly displayed in the workplace, where the code can be easily read by employees.Case law
The dismissal of an employee on 3 July 2002 for leaving his workplace during working hours was held to be void by the Italian Court of Cassation on 17 July 2007. The Court found that the dismissal was void since the evidence of the employee leaving the workplace, through the car park, had been gained through the use of remote control equipment. The Court held that the employee should be reinstated. As a consequence the employee was also entitled to all lost remunerations for the period between termination of employment and reinstatement (a total period of 5 years). The case was previously considered by the Milan Court who considered the termination void, while the Court of Appeal had declared it lawful.